On Mon, Nov 16, 2020, 10:07 Sebastian Luna Valero < [email protected]> wrote:
> > Hello, > > If "guacadmin" creates an "RDP" connection and gives permissions to user > "foo" to access it, user "foo" doesn't seem to have permission to create a > new sharing profile on session "RDP". > > User "foo" needs to create a new "RDP-foo" connection to be able to create > a new sharing profile. > > Is this expected behaviour? This has been tested on Guacamole version > 1.2.0. > Yes, this is intentional. The part of the permission model controlled by the UI is just "READ" permission, but there is also: * "UPDATE" permission (controls whether a user/group can make changes to the properties of an object) * "DELETE" permission (controls whether a user/group can delete an object) * "ADMINISTER" permission (controls whether a user/group can affect other users/groups' access to the object) In the case of the database extensions, these permissions are granted automatically to the user creating an object, and are available implicitly to any user with full system administration permission. Outside of that, by design, any other user will not be able to edit or affect the connections created by other users in any way. See: http://guacamole.apache.org/doc/gug/guacamole-ext.html#ext-permissions - Mike
